secure_ssh.sh

#!/bin/bash
#command=$(cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort|uniq -c|awk '{print $2"="$1;}')

cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort|uniq -c|awk '{print $2"="$1;}' > /root/black.txt
#$command > /root/black.txt

for i in $(cat /root/black.txt); do IP=$(echo $i |awk -F "=" '{print $1}'); NUM=$(echo $i|awk -F "=" '{print $2}'); DEFINE=5; if [ $NUM -gt $DEFINE ];then grep $IP /etc/hosts.deny > /dev/null; if [ $? -gt 0 ];then echo "sshd:$IP:deny" >> /etc/hosts.deny; fi; fi; done

#!/bin/bash
#Usage: ./$0
#查看安全日志，登陆次数超过5次的ip地址添加到/etc/hosts.deny.禁止该ip访问linux 的sshd服务

#定义登陆失败的次数
time=5
cat /var/log/secure |awk '/Failed/{print $(NF-3)}' |sort|uniq -c|awk '{print $2"="$1;}' > /root/SSH_FAILD_IP.txt

for i in $(cat SSH_FAILD_IP.txt); 
do 
  IP=$(echo $i |awk -F "=" '{print $1}'); 
  NUM=$(echo $i|awk -F "=" '{print $2}'); 
  if [ $NUM -gt $time ];then 
    grep $IP /etc/hosts.deny > /dev/null; 
      if [ $? -gt 0 ];then 
        echo "sshd:$IP:deny" >> /etc/hosts.deny; 
      fi; 
  fi; 
done